A secure and private system for subscription-based remote services 
Pino Persiano, Ivan Visconti 

November 2003 ACM Transactions on Information and System Security (TISSEC), 
Volume 6 Issue 4 

Publisher: ACM Press 


In this paper we study privacy issues regarding the use of the SSL/TLS protocol and 
X.509 certificates. Our main attention is placed on subscription-based remote services 
(e.g., subscription to newspapers and databases) where the service manager charges a 
flat fee for a period of time independent of the actual number of times the service is 
requested. We start by pointing out that restricting the access to such services by using 
X.509 certificates and the SSL/TLS protocol, while preserving the in ... 

Keywords: Access control, anonymity, cryptographic algorithms and protocols, privacy, 
world-wide web 

Certification is a common mechanism for authentic public key distribution. In order to 
obtain a public key, verifiers need to extract a certificate path from a network of 
certificates, which is called public key infrastructure (PKI), and verify the certificates on 
this path recursively. This is classical methodology. Nested certification is a novel 
methodology for efficient certificate path verification. Basic idea is to issue special 
certificates (called nested certificates) for other certifica ... 

Keywords: Digital certificates, key management, nested certificates, public key 
infrastructure 



Advances in public-key certificate standards 
Warwick Ford 

July 1995 ACM SIGSAC Review, volume 13 issue 3 
Publisher: ACM Press 


To build effective public-key infrastructures, well-entrenched standards are essential 
because many different applications and different vendor products need to be supported 
and used. Standards for public-key certificate and certificate revocation list (CRL) formats 
are most important. The recognized standard in this area is ITU-T X.509, first published in 
1988. In 1993, the Internet Privacy Enhanced Mail (PEM) proposals refined the use of 
X.509. However, more recently it has become apparent tha ... 

Agents, interactions, mobility and systems: Certificates for mobile code security 
Hock Kim Tan, Luc Moreau 

March 2002 Proceedings of the 2002 ACM symposium on Applied computing SAC '02 
Publisher: ACM Press 


The problem of protecting mobile code from malicious hosts is an important security 
issue, for which many solutions have been proposed. We describe a method to adapt an 
existing technique, execution tracing, to enhance its flexibility in deployment for a large 
scale mobile agent system. This is achieved through the introduction of a trusted third 
party, the verification server, which undertakes the verification of execution traces on 
behalf of the platform launching the agent. The server constru ... 

Keywords: mobile agent certificates, mobile agent security, mobile agent security 
framework 



Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems 

Giovanni Mella, Elena Ferrari, Elisa Bertino, Yunhua Koglin 

November 2006 ACM Transactions on Information and System Security (TISSEC), 
Volume 9 Issue 4 
Publisher: ACM Press 


This paper proposes an infrastructure and related algorithms for the controlled and 
cooperative updates of XML documents. Key components of the proposed system are a 
set of XML-based languages for specifying access-control policies and the path that the 
document must follow during its update. Such path can be fully specified before the 
update process begins or can be dynamically modified by properly authorized subjects 
while being transmitted. Our approach is fully distributed in that eac ... 

Keywords: Byzantine and distributed systems, XML documents, policy languages, 
updates 



Trust requirements in identity management 
Audun Jøsang, John Fabre, Brian Hay, James Dalziel, Simon Pope 

January 2005 Proceedings of the 2005 Australasian workshop on Grid computing and 
e-research - Volume 44 ACSW Frontiers '05 

Publisher: Australian Computer Society, Inc. 


Identity management refers to the process of representing and recognising entities as 
digital identities in computer networks. Authentication, which is an integral part of identity 
management, serves to verify claims about holding specific identities. Identity 
management is therefore fundamental to, and sometimes include, other security 
constructs such as authorisation and access control. Different identity management 
models will have different trust requirements. Since there are costs associate ... 

Overlay networks: Defending against eclipse attacks on overlay networks 
Atul Singh, Miguel Castro, Peter Druschel, Antony Rowstron 

September 2004 Proceedings of the 11th workshop on ACM SIGOPS European 
workshop: beyond the PC EW11 

Publisher: ACM Press 


Overlay networks are widely used to deploy functionality at edge nodes without changing 
network routers. Each node in an overlay network maintains pointers to a set of neighbor 
nodes. These pointers are used both to maintain the overlay and to implement application 
functionality, for example, to locate content stored by overlay nodes. If an attacker 
controls a large fraction of the neighbors of correct nodes, it can "eclipse" correct nodes 
and prevent correct overlay operation. This Eclipse atta ... 

Web services: An advisor for web services security policies 
Karthikeyan Bhargavan, Cedric Fournet, Andrew D. Gordon, Greg O'Shea 
November 2005 Proceedings of the 2005 workshop on Secure web services SWS '05 
Publisher: ACM Press 


We identify common security vulnerabilities found during security reviews of web services 
with policy-driven security. We describe the design of an advisor for web services security 
configurations, the first tool both to identify such vulnerabilities automatically and to offer 
remedial advice. We report on its implementation as a plugin for Microsoft Web Services 
Enhancements (WSE). 

Keywords: WS-security, XML security, policy-driven security, web services 

A model of OASIS role-based access control and its support for active security 

Jean Bacon, Ken Moody, Walt Yao 

November 2002 ACM Transactions on Information and System Security (TISSEC), 

Volume 5 Issue 4 

Publisher: ACM Press 

OASIS is a role-based access control architecture for achieving secure interoperation of 
services in an open, distributed environment. The aim of OASIS is to allow autonomous 
management domains to specify their own access control policies and to interoperate 
subject to service level agreements (SLAs). Services define roles and implement formally 
specified policy to control role activation and service use; users must present the required 
credentials, in an appropriate context, in order to activat ... 

Keywords: Certificates, OASIS, RBAC, distributed systems, policy, role-based access 
control, service-level agreements 



Multiversion concurrency control—theory and algorithms 
Philip A. Bernstein, Nathan Goodman 

December 1983 ACM Transactions on Database Systems (TODS), volume 8 issue 4 
Publisher: ACM Press 


Concurrency control is the activity of synchronizing operations issued by concurrently 
executing programs on a shared database. The goal is to produce an execution that has 
the same effect as a serial (noninterleaved) one. In a multiversion database system, each 
write on a data item produces a new copy (or version) of that data item. This paper 
presents a theory for analyzing the correctness of concurrency control algorithms for 
multiversion database systems. We use the the ... 



Keywords: transaction processing 



Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis 

Marco Gruteser, Dirk Grunwald 

June 2005 Mobile Networks and Applications, volume 10 issue 3 
Publisher: Kluwer Academic Publishers 


The recent proliferation of wireless local area networks (WLAN) has introduced new 
location privacy risks. An adversary controlling several access points could triangulate a 
client's position. In addition, interface identifiers uniquely identify each client, allowing 
tracking of location over time. We enhance location privacy through frequent disposal of a 
client's interface identifier. While not preventing triangulation per se, it protects against 
an adversary following a user's movements over ... 

Keywords: location privacy, wireless LAN 



Session 3C: Certifying algorithms for recognizing interval graphs and permutation graphs 

Dieter Kratsch, Ross M. McConnell, Kurt Mehlhorn, Jeremy P. Spinrad 
January 2003 Proceedings of the fourteenth annual ACM-SIAM symposium on 
Discrete algorithms SODA '03 

Publisher: Society for Industrial and Applied Mathematics 


A certifying algorithm for a decision problem is an algorithm that provides a certificate 
with each answer that it produces. The certificate is a piece of evidence that proves that 
the answer has not been compromised by a bug in the implementation. We give linear-time 
certifying algorithms for recognition of interval graphs and permutation graphs. 
Previous algorithms fail to provide supporting evidence when they claim that the input 
graph is not a member of the class. We show that our cer ... 

Digital certificates: a survey of revocation methods 

Petra Wohlmacher 

November 2000 Proceedings of the 2000 ACM workshops on Multimedia MULTIMEDIA '00 

Publisher: ACM Press 


Digital certificates form a basis that allows entities to trust each other. Due to different 
constraints, a certificate is only valid within a specific period of time. Coming from several 
threats, there are important reasons why its validity must be terminated sooner than 
assigned and thus, the certificate needs to be revoked. This paper provides a classification 
of revocation methods and gives an overview of the main methods like CRL, CRS, CRT, 
and OCSP. If and in which way a revocation meth ... 

Keywords: CRL, CRS, CRT, OCSP, X.509, attribute certificate, digital certificate, public- 
key certificate, revocation 



Privacy e... 

D. F. Hadj Sadok, Judith Kelner 

July 1994 ACM SIGCOMM Computer Communication Review, volume 24 issue 3 
Publisher: ACM Press 


The introduction of public key crypto-systems has opened the way to using security in 
distributed applications without imposing huge management overhead. Electronic mail is 
one area where security is important. Privacy Enhanced Mail is emerging as a de-facto 
international standard for the interchange of secure e-mail. This paper discusses some of 
the current problematic issues of PEM and introduces a PEM User Agent developed to test 
some of its concepts. A number of PEM design and implementation ... 

Deficiencies in LDAP when used to support PKI 
David Chadwick 

March 2003 Communications of the ACM, volume 46 issue 3 
Publisher: ACM Press 


Problems arise when a protocol initially developed to simplify access to a distributed 
directory failed to take into account all the uses the directory was originally intended for. 

Peer-to-peer infrastructure: Secure routing for structured peer-to-peer overlay networks 

Miguel Castro, Peter Druschel, Ayalvadi Ganesh, Antony Rowstron, Dan S. Wallach 
December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue SI 
Publisher: ACM Press 


Structured peer-to-peer overlay networks provide a substrate for the construction of 
large-scale, decentralized applications, including distributed storage, group 
communication, and content distribution. These overlays are highly resilient; they can 
route messages correctly even when a large fraction of the nodes crash or the network 
partitions. But current overlays are not secure; even a small fraction of malicious nodes 
can prevent correct message delivery throughout the overlay. This problem ... 

Multiagent ... and social behavior: A user-centric anonymous authorisation framework in e-commerce environment 

Richard Au, Harikrishna Vasanta, Kim-Kwang Raymond Choo, Mark Looi 
March 2004 Proceedings of the 6th international conference on Electronic commerce 
ICEC '04 
Publisher: ACM Press 


A novel user-centric authorisation framework suitable for e-commerce in an open 
environment is proposed. The credential-based approach allows a user to gain access 
rights anonymously from various service providers who may not have pre-existing 
relationships. Trust establishment is achieved by making use of referrals from external 
third parties in the form of Anonymous Attribute Certificates. The concepts of One-task 
Authorisation Key and Binding Signature are proposed to fac ... 

Password management, mnemonics, and mother's maiden names: Passpet: convenient password management and phishing protection 

Ka-Ping Yee, Kragen Sitaker 

July 2006 Proceedings of the second symposium on Usable privacy and security 
SOUPS '06 

Publisher: ACM Press 


We describe Passpet, a tool that improves both the convenience and security of website 
logins through a combination of techniques. Password hashing helps users manage 
multiple accounts by turning a single memorized password into a different password for 
each account. User-assigned site labels (petnames) help users securely identify sites in 
the face of determined attempts at impersonation (phishing). Password-strengthening 
measures defend against dictionary attacks. Customizing the user interfac ... 
This paper addresses the identifier ownership problem. It does so by using characteristics 
of Statistical Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which 
this document calls SUCV Identifiers and Addresses, or, alternatively, Crypto-based 
Identifiers. Their characteristics allow them to severely limit certain classes of denial-of- 
service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve 
the address ownership problem that hinders mechani ... 
+'certificate +identifier +list' +'secure +container' 



Nothing Found 

Your search for +'certificate +identifier +list' +'secure +container' did not return any 



Nothing Found 

Your search for +'secure +container' +'identifier +list' did not return any results. 